Date: Fri, 1 Aug 2003 16:16:05 -0700
From: Darcy Buskermolen <darcy@wavefire.com>
To: CPD - Equipe de Segurança <security@pucrs.br>, freebsd-ipfw@freebsd.org
Subject: Re: IPFW, Nat and transparent proxy ( on different machines )
Message-ID: <200308011616.05106.darcy@wavefire.com>
In-Reply-To: <5.2.0.9.0.20030801151745.02d1cc18@pop3.pucrs.br>
References: <5.2.0.9.0.20030801151745.02d1cc18@pop3.pucrs.br>

On your current box doing nat add the following rules:

    add skipto (skip over the next rule) tcp from squid.mynet to any dst-port 80
    add fwd squid.mynet tcp from any to any dst-port 80 in via internalif

Make sure both those rules are found AFTER your nat divert rules.

On your new squid box:

    add fwd 127.0.0.1,3128 tcp from internalnet to not me dst-port 80 via internalif

This is how I have mine running, and it works like a charm.

Hope this helps

On Friday 01 August 2003 11:21, CPD - Equipe de Segurança wrote:
> Dear gentlemen,
>
>
> So far I've been running a FreeBSD 4.7 machine which runs NAT, IPFW and
> Squid , acting like a transparent proxy/cache , NAT box and packet
> filter/firewall.
>
> Now, the load is getting too heavy, so I'd like to use a second machine
> (with a second WAN link ) as a separate proxy for the HTTP traffic.
>
> Question is, how can I set up IPFW/NAT to send all the HTTP ( port 80
> only ) traffic that comes on the internal interface ( 192.160.0.1 ) to the
> new proxy-only machine's internal interface ( 192.168.0.2), and still have
> the rest of the traffic flowing normally through the other gateway, which
> will now run only NAT and IPFW as firewall.
>
> It's confusing somehow, I hope I managed to be clear enough.
>
> Thanks for any insight,
>
> - Alexandre

--
Darcy Buskermolen
Wavefire Technologies Corp.
ph: 250.717.0200
fx: 250.763.1759
http://www.wavefire.com
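
The rule ordering in the reply above, as an added example that is not part of the original message: a simplified Python model of ipfw first-match evaluation, showing that without the skipto rule the proxy's own port-80 fetches would be forwarded back to the proxy. It assumes the proxy's requests pass through the gateway; the rule numbers, the client address and the default-deny fallback are constructed for illustration.

```python
# Simplified model of ipfw first-match evaluation (added example, not real ipfw).
# Rule numbers and the client address are constructed; 192.168.0.2 is the
# proxy address given in the quoted question.
SQUID = "192.168.0.2"

def gateway_rules(exempt_proxy=True):
    """Gateway ruleset from the reply; numbers 1000-1200 are assumed."""
    rules = []
    if exempt_proxy:
        # skipto: the proxy's own port-80 fetches jump past the fwd rule
        rules.append((1000, "skipto", 1200,
                      lambda p: p["src"] == SQUID and p["dport"] == 80))
    # fwd: every other port-80 packet arriving on the inside goes to the proxy
    rules.append((1100, "fwd", SQUID,
                  lambda p: p["dport"] == 80 and p["in_if"] == "internalif"))
    rules.append((1200, "allow", None, lambda p: True))
    return rules

def evaluate(rules, pkt):
    """Return (action, arg) of the first terminating rule that matches."""
    floor = 0  # skipto raises this; lower-numbered rules are then ignored
    for num, action, arg, match in sorted(rules, key=lambda r: r[0]):
        if num < floor or not match(pkt):
            continue
        if action == "skipto":
            floor = arg
            continue
        return action, arg  # fwd and allow both end the search
    return "deny", None  # assumed default policy for this model

# Constructed sample packets, all arriving on the gateway's inside interface
client = {"src": "192.168.0.50", "dport": 80, "in_if": "internalif"}
proxy_fetch = {"src": SQUID, "dport": 80, "in_if": "internalif"}
ssh = {"src": "192.168.0.50", "dport": 22, "in_if": "internalif"}

if __name__ == "__main__":
    for name, pkt in [("client", client), ("proxy", proxy_fetch), ("ssh", ssh)]:
        print(name, evaluate(gateway_rules(), pkt),
              "| no skipto:", evaluate(gateway_rules(False), pkt))
```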